2.2.0 (2007-11-28)

SiverStripe 2.2.0 was released on '''28 November 2007''' and had the following changes:

Upgrading

Login Form

Check that you have a Layout/Page.ss file for your site, or alternately have a Security_login.ss template.
Your template file needs a $Form variable for it to work. This is where the login form gets included. Without either of
these, the Security/login form will be blank.

Form Actions HTML/CSS

Check css/js and subclassed templates of Form.ss for changed markup. A global search for "p.Actions" should cover both
js/css changes.

Form Security Token

There has been a hidden 'SecurityID' field added to SilverStripe generated forms by default, with the purpose to stop
CRSF attacks. If you wish your form not to be tied to a specific session, and able to be able to be executed by URL
without the SecurityID, you can disable it on your form with

$form->disableSecurityToken();

The other issue to be aware of is constructing the URL to execute the form manually, as is done in javascript sometimes.
If the security token is enabled, you need to add its value to the URL, eg:

Draft/Archived content can only be viewed by users with permission to access the CMS

Core

Added _t() for internationalisation

Check if TEMP_FOLDER is already defined before defining it, allowing the user to set the temporary folder themself

DataObject

Added merge()

Director

Added extend_site(), which allows modules to register a function that will be run on every page load

redirectBack() now redirects to the base URL if neither the referrer nor the _REDIRECT_BACK_URL is set

Added support for translatable URLs

Added is_cli()

Added set_status_code() and get_status_code()

Email

Define 'EMAIL_BOUNCEHANDLER_KEY' in sapphire/_config.php and require its value to be sent as 'Key' $_GET var in pings to /Email_BounceHandler to prevent fake email bounce pings

Display an error on duplicate bounce logs instead of a blank screen

If the contents of the X-SilverStripeMessageID header is sent to /Email_BounceHandler in the 'SilverStripeMessageID' _GET variable, then it will be logged in the Newsletter_SentRecipient table so that the bounce report will show up on the 'Sent Status Report' tab of the Newsletter

Bounced newsletter recipient emails and blacklisted by default

FieldSet

Added insertBeforeRecursive()

FileSystem

Added $file_create_mask and $folder_create_mask, which are used whenever creating new files/folders in sapphire

Form

All Forms now have a hidden SecurityID field to prevent CSRF attacks

Added disableSecurityToken() to disable the SecurityID field

Added securityTokenEnabled()

Changed <p class="Actions"> to <div class="Actions">

Renamed PureName() to Name()

GD

Added rotate()

Added rotatePixelByPixel(), allowing rotation where the imagerotate function is unavailable

Added crop()

Added getWidth()

Added getHeight()

Hierarchy

Versioned now automatically add suffixes, so Hierarchy no longer needs to

HTTP

Added register_modification_timestamp()

Added register_etag()

ImageField

Improved layout

Int

Added support for default value

ManifestBuilder

Refactored getClassManifest() for clearer ignore rules

Ignore i18n language files

Ignore folders that have a '_manifest_exclude' file

Member

Automatically login user if the 'remember login' cookie is set

Added createNewPassword(), which generates a random password, optionally using a word list

Added support for password encryption

Added Locale field to store user preferred language

Added the ability for Member decorators to augment MemberFormFields()

MemberLoginForm (refactored from old LoginForm)

Save the email address in the session to reuse when the login fails

ModelAsController

Added support for translatable URLs

Object

Added require_developer_login(), which allows you to check if the user has permission to use URL debugging tools

?debugmethods=1 now requires developer login

PageComment

Added the ability to have BBCode in comments (disabled by default)

PasswordField

Always show five stars in performReadonlyTransformation(), so it is impossible to use the information of the password length for brute-force attacks

Permission

Added declare_permissions()

Added get_declared_permissions_list()

Added traverse_declared_permissions()

Added Permission_Group class, used to group permissions together for showing on an interface

Added $admin_implies_all, if this is false then the 'ADMIN' permission doesn't imply all permissions

Refactored Permission::checkMember(), should be faster now because the non-strict checking is now only executed if the user doesn't has the permission

Added deny(), giving the ability to define 'deny permissions'

RecipientImportField

Added default 'GenericEmail.ss' template

RestfulService

Added caching

RSSFeed

Added support for conditional GETs

Security

Added support for password encryption

Added set_word_list() and get_word_list(), to set the location of the word list used in Member::generateNewPassword()

Session

Added save(), which copies the current controllers session to $_SESSION

SiteTree

Changed references to 'stage site' to 'draft site' in TreeTitle()

Use Translatable interface by default

Add content language in MetaTags()

Add delete class to unpublish and rollback buttons

SSViewer

Added support for internationalisation in templates, using <% _t() %>

Added $Iteration in templates, which keeps track of the number of iterations in a control block

TableListField

Prevent onclick event in td.markingcheckbox from showing the popup

TabSet

Remove tabset div to reduce wasted space on tabs

Added insertBeforeRecursive()

ToggleCompositeField

Refactored from TogglePanel

Added icons and used 'cursor: pointer' to make it obvious that it is clickable

Versioned

Added the ability to versionise suffixed tables that have names that are not DataObject descendants

Added canBeVersioned()

Added extendWithSuffix()

Added hasVersionField()

Bugfixes

Sapphire

E_NOTICE fixes

Fixed incorrect deprecated message in Convert::raw2xml()

Don't show and error message and quit the script when @ is used to suppress the error

Changed width of HTMLEditorFields to prevent horizontal scrollbars in IE7

Added checks in DataObjectSet::First() and DataObjectSet::Last() to prevent errors on an empty $items array

Fixed incorrect treatment of Member::logout() as a static method in Security::logout()

Ensure Priority is set in SiteTree::onBeforeWrite(), otherwise an invalid SQL statement will be generated when the page is published

Only highlight broken links in HTMLEditorFields once, to prevent execution timeouts when there are lots of identical broken links